Empulse wrote
I think he is commenting on the way the error messages are formatted, not asking for help on the particular problem.
You are right Empulse. It is the format.
Let's think a bit like a bad guy...imagine someone trying to hit your site so bad that can make it crash, your site reveals DB name and ConnectionString username. After a few techniques are executed to get control:
Hmm, it is DNN...Ok, runs on Windows, MS SQL Server, I've got DB name and username...so, this username maybe can do CRUD,..also I know there is a default user 'host', and 'admin', so let me try to get all users...hmm, nice got em...oh, this site has ecommerce...and, what module is that? ok...oh, but this one runs under Windows Authentication, yataa!!
Indeed, this info is revealed when there are problems with the DB. Also, I noticed that even when you have a Custom Error Page, these messages may appear.
So, again, I think is best to catch SQL error and rephrase error description instead of passing it from the DB, to DNN, to the browser. Make it less technical on the browser and send a really technical error message via email or IPhone to the MIS, developer, whoever.
Thanks.